What is DMARC? Email Authentication Simplified

Google made a big announcement on 30th January 2012. Well, it wasn’t just Google: the announcement actually came from fifteen leading email service and technology providers, who are all fighting spam and phishing together, in a big way, by forming a new email authentication standard. If you are in any way connected with digital marketing or email marketing, here is a short post on the what, how and why of this important development.

Who has formed this new standard?
It is formed by DMARC.org. DMARC stands for Domain-based Message Authentication, Reporting & Conformance.

The founding contributors include:
Receivers: AOL, Comcast, GMail, Hotmail, Yahoo! Mail
Senders: American Greetings, Bank of America, Facebook, Fidelity, LinkedIn, Paypal
Intermediaries & Vendors: Agari, Cloudmark, eCert, ReturnPath, Trusted Domain Project

Why is this needed?
To combat email fraud. It’s easy to fake an email. How can readers know if the email was really sent by their bank? How will Gmail know if the bank really sent the email? Email fraud is a big concern for everyone. Unfortunately India is right on top of email spam. This is a very important and good development for us.



What is SPF? SPF explained in simple words

Have you seen emails go out in the sun and get totally tanned? Well, they should have used a sunscreen with a Sun Protection Factor of 30. Whaaaa?

Ok. I am kidding. The SPF in your sunscreen has nothing to do with the SPF in email marketing. 🙂 In this post I hope to convey in very simple words, without getting into any jargon, what SPF is about.

SPF in Email Marketing is an “Authentication Mechanism”. It’s like a badge that your email carries and produces when the bouncer at the ISP asks for it.

  1. Who wants this authentication? The ISP who is showing you the email, for example Yahoo is the ISP that checks the email before letting it into your Yahoo Mail inbox. (Substitute Yahoo for Gmail, Hotmail etc.)
  2. What is being authenticated? The email is being checked to see if it was sent by a spammer.
  3. Who authorizes, or establishes if the email is genuine? Your website.

Here is how this happens:

  1. The ISP asks the email for its “ID” card or badge before letting the email in.
  2. The email then shows its “SPF” which is like its badge showing which website it has come from.
  3. The ISP then goes sneaking to the website, asking if the ID is genuine. The website looks at the badge and says “Yup. That’s my email, alright. Please let him pass.”

Here is this exchange in the format the “Internets” understand well, via stick people (who else?)!

[Image: SPF explained in simple words]

So you see, the final authority in making sure that your emails land in the inbox is with your website. Your website needs to “authenticate” the email. The full form of SPF is Sender Policy Framework (seriously, I think the Internet people who come up with such names should go out in the sun more often!). If you don’t have SPF, you don’t get in the inbox. Simple. Just like you should not go out in the sun without sunscreen, don’t start your email marketing without SPF.

How is the SPF thingy done? That’s for the next post. In that post I will share the SPF details in slightly more technical terms.